[keycloak-user] Changing login form in OIDC Authorization Code Flow

[Marek Posolda]

We have Authentication SPI (see docs and example distribution for 
details and directory "providers" in it).

We also have identityProvider SPI, which allows to redirect to external 
OIDC, OAuth2 or SAML provider to authentication and then redirect back 
to Keycloak. If your external service can communicate via some of these 
protocols, you could be fine without even need to code any custom 
authenticators.

Marek

On 10/02/17 09:35, Daniel Radzikowski wrote:
> Hi,
>
> I'm trying to use OpenID Connect interface provided by Keycloak and I've
> got one doubt: is there any way to customize the login form returned by
> Keycloak to /protocol/openid-connect/auth request in Authorization Code
> Flow? By customizing I mean not only changing the page itself, but also the
> way the form is processed, e.g. it would call external service and after
> successful authentication, user would be redirected to redirect_uri with
> code granted (assuming session in Keycloak was created somehow in the
> meantime).
>
> If there isn't as I guess, would it be acceptable to implement such a
> feature and merge it? I suppose it would be compliant with OpenID Connect
> Authorization Code Flow.